Category - Networking

Hybrid Cloud: you know you can set it up, but how much is right for you?

When I talk with customers about Microsoft Azure, I can usually gauge pretty quickly if they are ready to dive in or not quite ready yet. Let’s face it, if you are a die-hard IT Pro who has been working on-premises for the bulk of your career, starting to use “The Cloud” can be a little unnerving. That’s one of the reasons I always try to get something across from the start: using public cloud resources should be an AND conversation, not a mutually exclusive OR conversation.

No one is trying to get you to drop and migrate all your resources out to “The Cloud”.

I started dabbling in Microsoft Azure a while back, when IaaS first came out.  Things have changed a lot since then, lots of new functionality has been added and it’s getting easier and easier to use. I’ve started to think about it as simply “another” location I could use when I decide to deploy new virtual machines. What are your options for connectivity to these machines? You can abstract it out to 4 levels of connectivity:

  1. Remote Management only: When you spin up new systems in Azure, you control remote connectivity to the machine by modifying things called EndPoints. There are only 2 EndPoints that are open for remote management – an RDP session on a custom port and a remote management port. End result: you can get into your machine, and if there are multiple machines in your setup, they could have connectivity to each other.
  2. Point to Site VPN: I typically see this one as a quick and dirty connection method for a single machine that resides on premises to have unfettered access to the machines up in Azure. Think of this as either a development box or maybe a database server that you want to keep on-premises for whatever reason, but you want the machines in Azure to have two-way communication back to it. Simple to set up, easy to manage. You configure this from the Azure portal and download the VPN client to run on the box.
  3. Site to Site VPN: Similar to the Point to Site, but it requires some additional setup. You have to define all the subnets you want connectivity to on premises and in Azure and then download a Gateway configuration script. It could either be for a hardware router that you need to set up on premises or it could be a configuration file that you can load into a Windows Server 2012 R2 RRAS server. The nice thing about this option is that connectivity is not limited to only one system. Any system that is within the network ranges you defined will be able to route its packets out to Azure and back.
  4. ExpressRoute: This is the ultimate connectivity option if you plan on going full on Hybrid after trying out one of the other three options.  This is a subscription service which can be enabled on your account that leverages an existing connection you have with one of our partner network providers.  Our partner providers have direct connections to various Azure Regions, allowing for a direct connection from your network over their private lines into the Azure Datacenter.  Your packets are never transmitted over the public internet – it all stays within the network of the provider or Azure Datacenter at a very high speed with minimal latency.  This option comes in very handy when you have a large number of resources on premises that need connectivity without latency up to the Azure world.

I have had very good success using both the Point to Site and Site to Site VPN in smaller production rollouts or pilots / proof of concepts. When it comes to more robust connectivity options, ExpressRoute is definitely the top tier solution.

Breaking news: We made some announcements at TechEd Europe this week – two additional European partners have been added to the ExpressRoute family (Orange and BT).

Hyper-V Extensible Switch in Windows Server 2012 R2

A while back, when Windows Server 2012 was codenamed “Windows Server 8”, I sat down and talked with Bob Combs, a Sr. Program Manager on the Windows Core Networking Team about the newly released “Hyper-V Extensible Switch”.  Well, now that Windows Server 2012 R2 has been released and planning has already begun for whatever comes next – I decided it was time to pay Bob a visit and get the details on what was new in Extensible Switch land…

Pretty cool stuff.

This is the start of a bunch of video interviews I’ll be doing over the next while. Let me know if you have teams / topics you’d like me to reach out to and see if they are interested in sitting down to chat.

How To: Change NIC binding order in Windows 8 and Windows Server 2012

An unexpected slowdown issue had me baffled not too long ago, with timeouts to online services, web surfing, network access – generally everything had delays in starting / connecting. For the life of me, I couldn’t figure out why.

Then it struck me. I was using the Windows 8 Hyper-V feature for some screencasts here on the blog as well as impromptu demos, and I had created various INTERNAL and PRIVATE networks in order to isolate my VM guests from the production network. By creating the newer INTERNAL networks, I had created new network adapters on my corporate client machine, which screwed up my binding order!

A quick swipe to the start screen and typing of “binding” didn’t turn up anything in the search.  I then remembered the GUI way of surfacing the binding order configuration tool.

 

The Steps?

  • Just open your Network and Sharing Center.
  • Press an ALT key on your keyboard to show the menu bar.
  • Click on the Advanced menu
  • Choose the Advanced Settings option
  • Adjust your binding order for your NICs to ensure your primary CORP ones are at the TOP

Silly me!

Windows Server 2012 Hyper-V guest IOps and network portability demos

I have the good fortune of working with some great folks here at Microsoft HQ – some of whom I have been following for quite some time. Last week at TechEd North America, Jeff Woolsey was on the main keynote stage demonstrating a whirlwind of functionalities and achievements of the next generation of Hyper-V in Windows Server 2012. I’ve pulled out two things that interest me VERY much that I thought I’d share.

Specifically – the VM Guest capability of getting 3x the IO throughput via the new virtual HBA adapters than VMware guests can get. We almost hit 1 million IOps with this demo on stage, but I swear I saw it over a million in rehearsal that morning and the night before.

Also of interest is the IP portability demo that was part of the TechEd North America and Europe “foundation” session I produced. It was called “Modernizing your Datacenter” which was well received. Taking the keyboard for the demo is my friend Michael Leworthy to show us what Windows Server 2012 and System Center Virtual Machine Manager 2012 can do for scenarios like Hosters or Mergers and Acquisitions.

Windows PC SCAM help via Microsoft Canada

Even though I moved to the “Mother Ship” here in Redmond back in January – I still get emails, texts, Tweets and Facebook Updates about someone who has had a relative / friend who has unfortunately been scammed by some FRICKIN’ A** Holes social engineering their way into their PC. The “technicians from Microsoft” are slick, say the right things, play on the fear of the individual and their lack of knowledge about technology, and inevitably convince them to either:

  • sign up for a security service that makes their system more infected and has their data and machine held hostage for regular payments
  • allow them to install malware on their system thinking that it is some sort of anti-virus
  • harvests information for identity theft and credit card scams / skimming
  • takes control of their email / social accounts to impersonate them online and scam their friends as well

It just goes on and on. It’s very infuriating and frustrating hearing about it and it can be quite difficult to help them out remotely – I’d rather drive to their home and fix it personally out of principle – but that just won’t work.

What can YOU do about it? Well – first step in solving the problem is INFORMING yourself and ALL OF YOUR CONTACTS – friends, relatives, play-group friends, kids ball teams / hockey teams – just get this information out there.

The number ONE law of computer security (paraphrasing here) is “if a bad guy can persuade you to run his/her program on your computer, it’s not your computer anymore”.  This applies if you allow others to socially engineer you into installing software yourself or allowing them to remote into your system.

My friends back at Microsoft Canada have had a go at creating an InfoGraphic to help get the information out as well as what to do if you have been scammed. Feel Free to Download it, share it out, post it up on Facebook – tweet it – whatever you like – just get the word out!

HowTo: Optimizing your Home Wireless Network

So now that we have Joey figured out in the last article – I got pinged by @kjb_Photography on twitter yesterday – asking about extending coverage in his home wireless networking environment. I could take the consultant answer easy out and reply “it depends” but hey – this is a learning environment, let me share what I did in my house and what you can do to yours to improve your WiFi experience at home with consumer hardware.

First off – I don’t proclaim to be a wireless expert in any sense of the word. I read the manuals (on occasion) or ping my friends who actually ARE wireless experts who implement secure wireless solutions for the likes of various acronym “security agencies” here in Canada.

Where would I start? Know your Antennas.

Most home networking routers have your typical antennas that should be for the most part oriented straight up (or down if ceiling mounted) and away from any dense structures like walls or metal filing cabinets. To keep this simple – the signal strength emanates outwards from these antennas for the most part as a circle (or ellipse) and when they are upwards or downwards facing – the signal extends horizontally in all directions (omnidirectional). If you rotate the antenna to be horizontal – it would go vertical in all directions – if you get my drift. Here’s a picture of my main router bad boy Linksys with upgraded 7 dBi antennas. More dBi – more power (I feel like Tim the Toolman right now). Wireless N routers with multiple antennas or internal antennas are different with their spread – but whatever modem you purchased probably came with a manual or online link to a manual talking about placement and antenna coverage. Go dig it out and find it – RTFM.

The single most screwed up reason why WiFi sucks at your house?

Location… Location… Location!

Get yourself a good LONG cable to put your main AccessPoint/Router wherever you are going to get the best coverage for your home / office layout. Don’t put it up against a wall unless you want less coverage behind that wall – especially if it is a cement wall or in my case a double layer brick wall (live in a century home). You know that you should chuck out that dinky little 2 foot Ethernet cable that comes with your internet modem or router and get a 50 footer or whatever suits your needs to optimally place your router for coverage.

I approached wireless in my house the same way I would approach fitting up an office. Where would you put wireless access points with antennas to cover the best signal horizontally (not vertically)? I have that big dual 7 dBi Linksys as the main internet router and Wireless AccessPoint at the back on the second floor. I then run a cable up to the home office on the 3rd floor to my main switch where I have a generic dLink router/wireless combo device plugged in for 3rd floor coverage. My second run goes down under the kitchen into the basement and up into the middle of the 1st floor. My Linksys 610N sits on top of a bookshelf – away from the exterior walls.

Ideally I would put the main router in the middle of the second floor – but I chose the back for two reasons – it gives me signal in the back yard and it is where the main internet line comes into the house.

That’s a lot of AccessPoints!

Yes – I am “Tim the ToolMan” excessive with coverage in my house – but I had old routers laying around. The trick to make everyone happy is to have each router configured with the same SSID and the same WPA2 password. I also choose channels and frequencies where there is less congestion with my neighbours (more on this later). I can “roam” from floor to floor, inside and out without an issue. To configure the two AP devices (again – just regular routers I had laying around) I configured each so they had unique IP addresses – I use the 192.168.10.x network so something as simple as 192.168.10.1 for main router, 192.168.10.2 for dining room and 192.168.10.3 for the home office. Each was plugged in to the INTERNAL bank of Ethernet ports – not the INTERNET port that is usually plugged in to the internet provider. I also turned off all DHCP servers except for the main Linksys.

Your own router might have specific modes where it acts just as an Access Point – mine didn’t so I went the manual route I described above. I didn’t have to go out and purchase APs directly for additional cost – I just used what I had at hand. Likewise – you can BUY AccessPoints that are not routers and all they do is serve up wireless networks. I strategically placed my new Linksys 610N on the main floor so I could run a cable from it directly to my xBox – can’t do that with a simple AccessPoint.

So – a long story to say that the quickest and easiest way to extend your wireless network is a two step process:

  1. Properly place the first router/Wi-Fi point in your house centrally for coverage.
  2. Get yourself a long cable to plug into the first router’s networking ports and run the cable to the second Wi-Fi router / Access Point where you need more coverage.
    1. Just make sure you configure the second router to not serve up DHCP
    2. Give it a proper IP address that is different from your main router’s
    3. Plug the cable into the regular networking ports – not the INTERNET port
    4. Duplicate the SSID and WPA2 password of the first router

A second option is to opt for a Wireless Repeater type of Access Point – but I’m not a fan of these – mainly because your second device that is placed further away from the main AccessPoint will be “serving up” a connection that will have a bottleneck of however fast / however reliable the WiFi is at its location. So sure – you have strong signal, but you have a choke point of throughput as it relays the network traffic to the 1st Access Point. Go with cable – cheap and fast.

Do you know if you have Spectrum Congestion?

Lastly – I mentioned Channels and less congestion. Everyone has wireless devices in your neighbourhood and they all talk on the same frequency and similar channels of that frequency.  More chatter = crappier speed and reliability. Best solution for you to find the right spectrum from multiple points in your house?  A laptop with a free copy of inSSIDer 2 running to help you determine what your local spectrum looks like for congestion.

You can see I live in a congested area and I currently have strong signal in my house over the channels I have the wireless set to use.  However – what you don’t see is that even though there are at least 6 routers that support Wireless N technology – none of them are configured to use the 5 GHz range which is currently Free and Clear to use.

Looks like I need to upgrade my wireless networking gear.
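An added example (not from the original post) of turning a survey like the inSSIDer one above into a channel choice: it sums the neighbours' signal power on each of channels 1, 6 and 11, counts partial overlap from adjacent 2.4 GHz channels, and keeps the worst reading across the survey points. The survey rows, the `HomeNet` SSID and the linear overlap weighting are assumptions made for illustration; it covers the 2.4 GHz band only.

```python
# Constructed survey rows (not from the post): (location, ssid, channel, rssi_dbm),
# as you might copy them out of a Wi-Fi scanner at several spots in the house.
SURVEY = [
    ("office",   "HomeNet",    6,  -45),   # our own AP, ignored by default
    ("office",   "Neighbour1", 1,  -60),
    ("office",   "Neighbour2", 3,  -70),
    ("kitchen",  "Neighbour1", 1,  -75),
    ("kitchen",  "Neighbour3", 6,  -65),
    ("kitchen",  "Neighbour4", 9,  -80),
    ("backyard", "Neighbour5", 11, -85),
    ("backyard", "Neighbour3", 6,  -72),
]
OWN_SSIDS = {"HomeNet"}    # assumption: the SSID shared by your own access points
CANDIDATES = (1, 6, 11)    # the usual non-overlapping 2.4 GHz channels


def dbm_to_mw(rssi_dbm):
    """Convert dBm to linear milliwatts so that signals can be added up."""
    return 10 ** (rssi_dbm / 10)


def overlap(ch_a, ch_b):
    """Simplified share of one channel covered by another (assumed linear model).

    2.4 GHz channel centres are 5 MHz apart, so a neighbour on channel 3
    still interferes with channel 1, while channels 5 or more apart do not.
    """
    return max(0.0, 1 - abs(ch_a - ch_b) / 5)


def congestion(survey, own_ssids=OWN_SSIDS, candidates=CANDIDATES):
    """Return {channel: score}, the overlap-weighted interference in mW.

    Each channel is scored at every survey location and the worst location
    wins, because roaming clients have to work everywhere in the house.
    """
    locations = {row[0] for row in survey}
    scores = {}
    for channel in candidates:
        worst = 0.0
        for location in locations:
            total = sum(
                dbm_to_mw(rssi) * overlap(channel, other)
                for loc, ssid, other, rssi in survey
                if loc == location and ssid not in own_ssids
            )
            worst = max(worst, total)
        scores[channel] = worst
    return scores


def best_channel(survey, own_ssids=OWN_SSIDS):
    """Pick the candidate channel with the lowest worst-case interference."""
    scores = congestion(survey, own_ssids)
    return min(scores, key=scores.get)


if __name__ == "__main__":
    for channel, score in sorted(congestion(SURVEY).items(), key=lambda kv: kv[1]):
        print(f"channel {channel:2d}: {score:.3e} mW")
    print("least congested:", best_channel(SURVEY))
```
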

What does your wireless architecture look like?

How to re-broadcast a public WiFi network

I was catching up with Joey the @AccordionGuy earlier today – chatting over coffee. He used to work on the same team as me at Microsoft before heading out on his next adventure. His current gig has him living in a luxury furnished bachelor pad here in Ottawa with all the amenities – including Big Screen TV, stereo, private coffee bar and free High-speed internet.

Seriously – what more could you ask for?

How about a better internet service – one with a WIRED connection? You see – his internet is provided by a common travelers ISP who shall remain nameless (starts with Data, ends with Valet). It’s the type of service where you login and you are allowed to use ONE IP at a time. That’s a bit stingy and old school in a world where we all carry multiple WiFi connected devices (iPad, Slates, Tablets, Xbox 360s, smartphones, laptops, desktops). Remember – I did say that he is living here away from his home base for the summer – he’s got lots of requirements for connectivity – AND NO WIRED INTERNET CONNECTION. Normally this would be an easy fix – buy a travel router and plug in – done deal. I remembered that I used to have a hardware travel router that could re-broadcast one WiFi network as your own and therefore share it with multiple devices. Unfortunately as with some things that I touch – this travel router died for some reason and I was left scratching my head for options.

Part of my traveling kit of technology I use for my day job while presenting on the road is a Cradlepoint CTR350 travel broadband router. It has the ability to very simply plug in to a wired connection and act as an Access Point for wireless devices. Very simple – but requires either a wired connection OR a USB DataStick activated with Bell or Rogers in order to have an internet source. It doesn’t have the re-broadcast capabilities I am looking for in this situation. Plus – I wasn’t about to leave it in Joey’s hands for the summer – you never know what kind of surfing he’d be doing.

A little further research and I discovered that the current product line is called the Cradlepoint CTR35 and has the feature I am looking for – WiFi as WAN. This simply allows you to re-broadcast a visible secure or unsecured WiFi network with your own SSID and settings – for up to 16 wireless clients. I won’t bore you with the details – but here’s the step by step process on how to enable it on their CTR35 device (remind me to go pick one up, would you?). There – one problem solved – Joey just needs to find one and he’s off to the races.

If you are a road warrior – invest some cash and get something like this – especially the updated CTR35 with this re-broadcasting capability – it will pay off in spades. I use my older one with USB stick to offer up Internet connectivity at locations where public WiFi isn’t available and I want to give access to friends around me.

But what if I don’t have one?

Digging further still – there is some free software that builds upon the little known WiFi Access Point hotspot mode of Windows 7. I found out about this from @Oising at TechDays Montreal back in November of 2010. You can take a wired internet connection and broadcast it out over your supported wireless card – provided it’s running a supported set of drivers. I say it builds upon the solution since it ALSO adds the ability to re-broadcast a public WiFi network. The software is called “Connectify” – it’s FREE (ad supported) and is available from http://connectify.me/

After downloading it from the webpage (links to download.com) and running the install – it does recommend you install a specialized browser for Facebook (they make something like that?) which I quickly declined. I authorized it to install a couple of connectify network drivers (required for the magic of simplifying the re-broadcasting) and then launched the program. It runs minimized in your system tray and has an easy to use non-technical Wizard interface to set things up for you.

I don’t quite get the dude with the roman outfit – but whatever turns your crank I guess.

Remember the part where I mentioned “supported drivers”? Well – it turns out that the sample laptop (Dell Latitude XT2 tablet) I was setting this up on does not have a wireless card that would support turning my laptop into a Wireless Access Point – only an Ad-Hoc network, which doesn’t cut the mustard.

Bummer. To save yourself some time – here is their list of supported cards / wireless chipsets.

All that being said – their interface – once you are past the wizard to do the initial configuration seems simple enough – you bring it up from the task bar icon.

Stuck like me with a laptop that isn’t supported and still want to use it? If you read through to the bottom of their list of supported and unsupported cards – you’ll notice one USB wireless adapter that is supported – Intellinet Wireless-N USB Adapter. You can pick one of these up and be on your way.

A quick check of the other laptops and netbooks across the house revealed that I’m S.O.L. I can’t actually test this puppy out! Looking at the techspecs of Joey’s Dell laptop – he has a 75% chance it will work (he has 4 options of wireless cards – three are on the good list).

This blog post ends with a “to be continued” until I can find hardware in my crib that actually is supported – or if I hear back from any of you about your personal experiences. Please do tell – did it work for you?

What about you, Joey? Any luck, or are you going the Cradlepoint hardware route?